A couple of lingering questions raised by David Kris's wonderfully elucidating series of posts:

1. Will the new law, as David suggests, permit the NSA to engage in undifferentiated "vacuum-cleaner"-like collection of calls between persons in the U.S. and those outside it, or does the requirement that there be "targeting of persons reasonably believed to be located outside the United States" mean that the NSA has to focus its surveillance on particular, known persons outside the U.S.? As James Dempsey puts the question in an extremely helpful post that complements David's, "are we talking about recording millions and billions of calls and emails or merely hundreds of thousands?" It is something of a scandal that neither we the public, nor many (if any) of the legislators voting for this bill, know the answer to this and related questions.

2. In his latest post, David emphasizes a point that not many people appreciate -- namely, that under the 1978 FISA, the NSA was free under federal law to indiscriminately intercept, and then use, virtually all communications between U.S. persons in the U.S. and persons overseas, as long as the interception took place overseas (and the surveillance was not "directed" at someone in the States). (Conceivably, the Fourth Amendment might limit such surveillance, but I'm not aware of any case law on the question.)

Several defenders of the new law have argued that if there was nothing wrong with such interceptions from 1978 to 2001 -- and they were not subject to FISA -- what is the big deal about the new law, which simply authorizes interceptions outside the FISA framework of the exact same U.S.-to-foreign communications, but this time where the interception occurs here in the States? Indeed, as David points out, in one respect the new law will be even more restrictive than FISA, in that section 704 of the new statute will require a judicial finding of probable cause for such surveillance if it targets U.S. persons located abroad (something that was not required under FISA).

So what's the fuss about?

Well, to begin with, I take slight issue with David's characterization that "Congress in 1978 deliberately allowed NSA to conduct warrantless surveillance of international calls [intercepted abroad] as long as it was not targeting individual Americans located in the United States." Congress recognized that this practice, too, could raise serious problems with respect to the privacy of Americans who make such calls. But the issue raised very difficult questions that could not be resolved by the time Congress was ready to act, and so the legislature decided to put the issue off, with the conferees promising that they would address the issue in the near term.

And such reconsideration never happened. Why? Who knows? Perhaps Congress didn't enact such post-FISA gap-filling legislation because there was no political impetus for it; or because the Reagan Administration was strongly opposed and a presidential signature seemed unlikely; or because it was too hard to come up with the proper statutory fix; or perhaps because Congress reconsidered and concluded that the NSA should be free to indiscriminately collect such communications overseas. Or some combination thereof.

For quite a while, this congressional failure to address NSA's overseas surveillance of U.S.-to-foreign communications was simply not that big a deal, because U.S. persons did not make many international phone calls. And virtually no one had e-mail. Moreover, surveillance overseas was quite onerous -- presumably the NSA could not simply collect virtually all international communications. Thus, for many years after FISA was enacted, although there was no statute limiting the NSA's interceptions of U.S. person phone calls to foreigners (where the U.S. person was not the target), this regulatory lacuna likely did not result in very many NSA interceptions of such calls.

Now, as a practical matter, everything has changed. Obviously, the volume of U.S. person communications with foreigners has increased exponentially -- it is a ubiquitous feature of many of our lives. In addition, the new law will greatly increase the NSA's power to intercept such calls, by allowing the agency to do so here in the U.S., with the assistance of U.S. telecoms. These two changes -- one in the nature of our worldwide communications, the other in the capabilities of the NSA -- conspire to mean that, under the new law, the NSA will be able to collect many, many more of our communications. The law may have remained "neutral" as a formal matter, but because technologies, and thus practices, have changed, such "neutrality" has profound implications for the sheer magnitude of the intrusion into the privacy of our international communications.

This does not mean that the NSA should, or should not, be given this new authority. But it does mean that it would be a profound sea change, not business as usual or a technical tweak to the 1978 regime.

I'm sick and tired of everybody pretending that the structure of the 1978 FISA law was some mysterious, inexplicable mish-mash. Here's a hint. Go read the Church Committee's report on the NSA.

FISA was written specifically prevent the abuses uncovered by the committee. It prohibited watchlisting American citizens. It outlawed the NSA's practice of reading ALL telegrams going out of and coming into this country. Most of all it outlawed tapping the telephone company's circuits in the U.S.

The reality in 1978 was that the NSA had no way to intercept foreign to foreign communications from inside the U.S. In 1978 few of the places the NSA wanted to tap had phone companies that would have cooperated with it the way AT&T did. In short, FISA place real limits on what the NSA could do. The current version of FISA eviscerates those limits entirely. All of the supposed limits in the current bill are worthless. This bill will allow the NSA to listen in on essentially all of your phone calls when they want to without any warrant whatsoever.

Of course as a US citizen who lived overseas from 1983 to 2000, I take very little comfort from the fact that no provision was made to think about surveillance of Americans who actually lived overseas. It is one of those weird areas of US law where Congress frequently does not factor in the consequences of legislation on Americans who live and work abroad.Best,Ben

2. In his latest post, David emphasizes a point that not many people appreciate -- namely, that under the 1978 FISA, the NSA was free under federal law to indiscriminately intercept, and then use, virtually all communications between U.S. persons in the U.S. and persons overseas, as long as the interception took place overseas (and the surveillance was not "directed" at someone in the States).

With due respect to Mr. Kris, this can't be right. While 50 USC § 1801(f)(3) would allow interception of radio communications when at least one intended recipient was outside the U.S., I think the relevant statute for domestic interception is 50 USC 1801(f)(2):

(2) the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication to or from a person in the United States, without the consent of any party thereto, if such acquisition occurs in the United States, but does not include the acquisition of those communications of computer trespassers that would be permissible under section 2511(2)(i) of title 18;

I think the alleged "radio communications" loophole is a red herring; there's no rational reason to make communications privacy subject to the vagaries of routing, and no reason to not protect satellite communications (where part of the transmission is via radio, but other parts by wire), but to protect cable communications. As I've posted previously, I think that the "radio" provision was intended to cover unidirection actual radio broadcasts by the erstwhile targets, rather than communicationsx where the carrier is doing part of the transmission via microwave.

The "radio" loophole is just a ruse or a back-door by which the gummint though they might be able to finagle at least some warrantless snoops of a fraction of the traffic, but why the legislators should have intended such a loophole is beyond me.

As a, thankfully, non US person, I have always rather resented the fact that the USA has felt able to (and did) intercept my communications without any by your leave. Yet another case of "US exceptionalism" where what is good enough for "furriners" is not good enougfh for US citizens.

The NYT has an interesting article today on the state of the US-EU negotiations on data protection.Article

I would be surprised if the US-EU negotiations go as smoothly as the articles seems to envisage - there will have to be a right to sue the government for improper use of data - or the deal is unlikely to be made.

But the principle is important - we cannot in this day and age stop the accumulation of data on us which we would have preferred not be captured. But the effective answer is control of the use made of such data.